CVE-2022-33329 Command injection vulnerabilities exist in the web_server ajax endpoints of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution.

When the `/ajax/set_sys_time/` endpoint is called, the request data can be manipulated by an attacker. As an example, the following request will set the system time of the Robustel R1510 server to January 1, 1970:

```
http://10.10.10.10/robustel/ajax/set_sys_time/ -H 'Host: 10.10.10.10' -H 'User-Agent: Robocopy' -H 'Accept: */*' -H 'X-Robocopy-Default: Automatic' -H 'X-Robocopy-Default-Port: 8080' -H 'X-Robocopy-Default-Method: HEAD' -H 'X-Robocopy-Default-Uri: https://10.10.10.10/robustel/' -H 'X-Robocopy-Default-Path: /robustel/' -H 'X-Robocopy-Default-Timeout: 120' --data '{' -H 'Content-Type: text/plain' -H 'Date: Sat, 10 Dec 2017 08:21:18 +0000' -H 'X-Robocopy-default: Automatic' -H 'X-Robocopy-Default-Port: 8080' -H 'X-Robocopy-Default-Method: HEAD' -H '
```
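The underlying problem is untrusted request data reaching a system command. As an added example, not taken from the advisory or from Robustel's firmware, the following Python handler shows the defensive pattern: the body of a `set_sys_time` request is parsed against a strict shape (the field name `time` and its format are assumptions, since the advisory does not document the request body), and the clock-setting command is built as an argument list that is never passed through a shell.

```python
import json
import re
from datetime import datetime, timezone

# Strict shape for the time value: "YYYY-MM-DD HH:MM:SS". Anything else,
# including shell metacharacters, is rejected before any command is built.
_TIME_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$")


class InvalidRequest(ValueError):
    """Raised when the request body does not match the expected shape."""


def parse_set_sys_time(body: bytes) -> datetime:
    """Parse a set_sys_time body into a datetime.

    Assumed body shape (not documented in the advisory):
    {"time": "YYYY-MM-DD HH:MM:SS"}
    """
    try:
        doc = json.loads(body)          # JSONDecodeError is a ValueError
    except ValueError as exc:
        raise InvalidRequest("body is not valid JSON") from exc
    if not isinstance(doc, dict) or set(doc) != {"time"}:
        raise InvalidRequest("body must be an object with exactly one key: time")
    value = doc["time"]
    if not isinstance(value, str) or not _TIME_RE.match(value):
        raise InvalidRequest("time must match YYYY-MM-DD HH:MM:SS")
    try:
        return datetime.strptime(value, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    except ValueError as exc:           # e.g. month 13 or day 32
        raise InvalidRequest("time is not a real calendar date") from exc


def build_date_argv(body: bytes) -> list[str]:
    """Return the argv that sets the clock, as a list for subprocess (no shell).

    The value is re-serialised from the parsed datetime, so only characters
    this code generated reach the child process, whatever the client sent.
    """
    when = parse_set_sys_time(body)
    return ["date", "-u", "-s", when.strftime("%Y-%m-%d %H:%M:%S")]


# Constructed sample bodies: one well-formed, the rest malformed.
SAMPLES = {
    "ok": b'{"time": "1970-01-01 00:00:00"}',
    "truncated": b"{",
    "metachar": b'{"time": "1970-01-01 00:00:00; true"}',
    "extra_key": b'{"time": "1970-01-01 00:00:00", "x": 1}',
}


def classify(samples: dict[str, bytes]) -> dict[str, str]:
    """Map each sample name to 'accepted' or its rejection reason."""
    out = {}
    for name, body in samples.items():
        try:
            build_date_argv(body)
            out[name] = "accepted"
        except InvalidRequest as exc:
            out[name] = f"rejected: {exc}"
    return out
```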

Disabling the `webAuthSignature` Response Parameter

The `webAuthSignature` response parameter is sent to the client by the web server in order to create a secure signature for the required digest authentication. The client's request carries an authorization header, which the server ignores if `webAuthSignature` has been disabled via `WEBAUTH_SIGNATURE_ENABLED`. An attacker could use this server feature to bypass authentication and gain unrestricted access.
